Numerous reports from Reuters, Digital Trends and cybersecurity solution provider FireEye indicate that an industrial plant connected with energy production in the Middle East recently experienced a major malware attack. What’s most disturbing is that security experts feel the attacker’s persistence and resources – both technical and financial – point to a deliberate, non-monetary goal that was more politically motivated than the efforts of a random hacker looking to cause some trouble.
Although few details are being made available, the malware reportedly caused significant operational disruptions. The program, dubbed Triton, targeted the plant’s security system, possibly in preparation for a larger attack in the future. In particular, users of Triconex, a safety program widely used in oil refineries and nuclear plants, are being asked to stay especially vigilant.
It’s believed that Triton targets specific safety instrumentation and reprograms it. Whether the goal is to allow for unsafe operations or completely shut the plant down remains unclear. In this particular case, it’s believed that Triton attempted to reprogram controllers, which led to them entering a safe shutdown mode that halted plant operations and alerted operators to Triton’s presence.
FireEye noted that the attacker could have shut down the plant, but preferred to repeatedly try to gain control of the safety instrumentation system. Triton joins Stuxnet and Industroyer as the top malware programs that have been found to target industrial facilities.